[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Apr 25 15:36:02 MDT 2011
The branch, master has been updated
via d00f1fe No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient.
via eeb24c1 Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no".
from 80c395a s3: Remove unused code
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d00f1febd50b4779e8c5588055ee1f601448550c
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 25 12:45:49 2011 -0700
No longer need to call SMB_VFS_LSTAT - check name hasn't changed above is sufficient.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Mon Apr 25 23:35:37 CEST 2011 on sn-devel-104
commit eeb24c17739dd0bccf561b142841a7d2e560cdd0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 21 22:29:06 2011 -0700
Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no".
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/vfs.c | 64 ++++++++++++++++++++++++++++++----------------------
1 files changed, 37 insertions(+), 27 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 3b482e7..39b30ec 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -899,6 +899,8 @@ char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn)
NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
{
char *resolved_name = NULL;
+ bool allow_symlinks = true;
+ bool allow_widelinks = false;
DEBUG(3,("check_reduced_name [%s] [%s]\n", fname, conn->connectpath));
@@ -973,9 +975,13 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
return NT_STATUS_OBJECT_NAME_INVALID;
}
- /* Check for widelinks allowed. */
- if (!lp_widelinks(SNUM(conn))) {
+ allow_widelinks = lp_widelinks(SNUM(conn));
+ allow_symlinks = lp_symlinks(SNUM(conn));
+
+ /* Common widelinks and symlinks checks. */
+ if (!allow_widelinks || !allow_symlinks) {
const char *conn_rootdir;
+ size_t rootdir_len;
conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
if (conn_rootdir == NULL) {
@@ -985,8 +991,9 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
return NT_STATUS_ACCESS_DENIED;
}
+ rootdir_len = strlen(conn_rootdir);
if (strncmp(conn_rootdir, resolved_name,
- strlen(conn_rootdir)) != 0) {
+ rootdir_len) != 0) {
DEBUG(2, ("check_reduced_name: Bad access "
"attempt: %s is a symlink outside the "
"share path\n", fname));
@@ -995,35 +1002,38 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
SAFE_FREE(resolved_name);
return NT_STATUS_ACCESS_DENIED;
}
- }
- /* Check if we are allowing users to follow symlinks */
- /* Patch from David Clerc <David.Clerc at cui.unige.ch>
- University of Geneva */
+ /* Extra checks if all symlinks are disallowed. */
+ if (!allow_symlinks) {
+ /* fname can't have changed in resolved_path. */
+ const char *p = &resolved_name[rootdir_len];
-#ifdef S_ISLNK
- if (!lp_symlinks(SNUM(conn))) {
- struct smb_filename *smb_fname = NULL;
- NTSTATUS status;
+ /* *p ran be '\0' if fname was "." */
+ if (*p == '\0' && ISDOT(fname)) {
+ goto out;
+ }
- status = create_synthetic_smb_fname(talloc_tos(), fname, NULL,
- NULL, &smb_fname);
- if (!NT_STATUS_IS_OK(status)) {
- SAFE_FREE(resolved_name);
- return status;
+ if (*p != '/') {
+ DEBUG(2, ("check_reduced_name: logic error (%c) "
+ "in resolved_name: %s\n",
+ *p,
+ fname));
+ SAFE_FREE(resolved_name);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ p++;
+ if (strcmp(fname, p)!=0) {
+ DEBUG(2, ("check_reduced_name: Bad access "
+ "attempt: %s is a symlink\n",
+ fname));
+ SAFE_FREE(resolved_name);
+ return NT_STATUS_ACCESS_DENIED;
+ }
}
+ }
- if ( (SMB_VFS_LSTAT(conn, smb_fname) != -1) &&
- (S_ISLNK(smb_fname->st.st_ex_mode)) ) {
- SAFE_FREE(resolved_name);
- DEBUG(3,("check_reduced_name: denied: file path name "
- "%s is a symlink\n",resolved_name));
- TALLOC_FREE(smb_fname);
- return NT_STATUS_ACCESS_DENIED;
- }
- TALLOC_FREE(smb_fname);
- }
-#endif
+ out:
DEBUG(3,("check_reduced_name: %s reduced to %s\n", fname,
resolved_name));
--
Samba Shared Repository
More information about the samba-cvs
mailing list